I am afraid that you do not understand the law and the changes in the law. One notable change in the law is you are required to let users opt out of tracking cookies and cannot use implied consent. When I visited your demo site I was cookied by the site, which is considered an essential cookie. That is ok if it is a session cookie.
But I was also cookied by a facebook tracking cookie. That is NOT ok under GDPR. You have shared my data with a 3rd party without warning me beforehand and getting my consent beforehand. This subjects you to fines. Please read this: https://www.itgovernance.eu/blog/en/how-the-gdpr-affects-cookie-policies
Implied consent is no longer sufficient. Consent must be given through a clear affirmative action, such as clicking an opt-in box or choosing settings or preferences on a settings menu. Simply visiting a site doesn’t count as consent.
‘By using this site, you accept cookies’ messages are also not sufficient for the same reasons. If there is no genuine and free choice, then there is no valid consent. You must make it possible to both accept or reject cookies. This means:
It must be as easy to withdraw consent as it is to give it. If organisations want to tell people to block cookies if they don’t give their consent, they must make them accept cookies first.
Sites will need to provide an opt-out option. Even after getting valid consent, sites must give people the option to change their mind. If you ask for consent through opt-in boxes in a settings menu, users must always be able to return to that menu to adjust their preferences.
None of these obligations are met in regards to third party cookies.